Solved

Xcacls Problems : resetting home directories for individual users

Posted on 2006-06-19
15
402 Views
Last Modified: 2010-04-18
I have previously asked a question similar to this when i was figuring out the actual syntax to use for the command.  Now i have done that and have seen the command working i have a further query;

The below command seems to work in the login script as a .CMD file when i am logged in as myslef (a domain admin) but when the script runs when a normal user logs in it returns with 'ERRROR The filename, directory name or volume label syntax is incorrect'

\\[servername]\xcacls.exe "\\[servername]\home\%username%" /T /E /C /G %username%:f /y
pause (just to see it step through)

Just wondering if any expert has any pearls of wisdom on this, before i resort to resetting all home directory access manually and individually.

ANy help would be much appreciated

Thanks
leon

0
Comment
Question by:leont
  • 6
  • 5
  • 2
  • +1
15 Comments
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 16933493
Hi leont,


I think you can only grant rights if the USER running the script has the ability to play with rights.

You cannot (for example) give yourself superduper rights if you are guest.

When you are logging in, the "user" running the script is NOT the same user logging in. This is why you would use the login script to set the rights.

Regards,

Richard Quadling.
0
 
LVL 6

Expert Comment

by:Azhrei1
ID: 16933501
can you access the username share on that server while logged in as the user?

http://technet2.microsoft.com/WindowsServer/en/Library/8ec308b8-9229-44bb-acad-707ec1b7f0a91033.mspx?mfr=true
0
 

Author Comment

by:leont
ID: 16933561
Thanks for the quick response, in response to Azhrei1's query, they cannot access thier own directories this is why i was looking to do it via login script (xcacls) otherwise i will have to go through every users home profile directory to reset the access right so only they have full control access to their own directories.  Rquadling, i had a feeling it would be something like that, looks like theres no quick way to do this then?

Leon
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 6

Expert Comment

by:Azhrei1
ID: 16933574
I will have to agree with Richard, Leon :(
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 16933609
OOI. Why not jus leave it in the Login script?

If they don't login, they can't access their files!

If they do, the login script sets the rights and they can access their files.

I don't see any problem.
0
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 16933664
Since the user name and the folder name are identical, it's not too difficult to change those permissions at once.
Open a command prompt and enter a test command first (replacing the servername, obviously):
for /d %a in ("\\[servername]\home\*.*") do @ECHO @xcacls "%a" /T /E /C /G %Userdomain%\%~nxa:f /y
If this generates the correct output, remove the @echo above:
for /d %a in ("\\[servername]\home\*.*") do @xcacls "%a" /T /E /C /G %Userdomain%\%~nxa:f /y

If you prefer to put this into a batch script, replace the "%a" by "%%a" (the ECHO for the test mode is still there):

@echo off
for /d %%a in ("\\[servername]\home\*.*") do ECHO xcacls "%%a" /T /E /C /G %Userdomain%\%%~nxa:f /y
0
 

Author Comment

by:leont
ID: 16933676
Hi RQuadling, Thats the root problem, all the home drives where migrated from one server to another and they lost their individual full control access rights and thats what i'm trying to restore when they logon so only the user logging in can access thier own home drive and no one elses, that script works if its a domain admin user logging in but doesn't when the normal user logs in

leon
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 16933766
Aha!

Hmm.

I was just about to suggest oBdA's answer. As the usernames are the directory names, then a one shot of for /D will do the trick.
0
 

Author Comment

by:leont
ID: 16933976
i will have a look at that.

Thanks
0
 

Author Comment

by:leont
ID: 16949406
Hi everyone sorry for the delay in responding to close this question, wondering if someone could advise, as while i agree some of the suggestions may work in certain circumstances, i have eventually reverted to way i was originally going to do it so don't know who to assign the points to.  I was going to split the points between RQuading and oBdA, if anyone has any problems with this please let me know.

Thanks
Leon
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 16949416
What way did you use?
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 16949421
I have to say that oBdA's answer is right on the button for a one off fix.
0
 

Author Comment

by:leont
ID: 16966684
Thanks RQuading, i'll give oBdA the points then if thats ok.  In answer to your first question i took the cowards wayout of this one and reset all the home drive directories to a path that didn't exist i.e.

\\[servername]\homes\%username% (where homes doesn't exist) then went into each individual AD settings and changed it to;
\\[servername]\home\%username% and when the re-mapping is applied it resets the access for the user.

Long winded I know, good job i've only got around 400 users!!

thanks everyone.  I will look into the oBdA gave for future use but not that use to scripting, so i'll look through and figure out what that script actually does for myself.

again many thanks.

Leon
0
 
LVL 84

Expert Comment

by:oBdA
ID: 16966861
Have a look here, nice resources for batch scripting: http://www.robvanderwoude.com/
0
 

Author Comment

by:leont
ID: 16982888
Many thanks oBdA

Leon
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Learn about cloud computing and its benefits for small business owners.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question